Merge pull request #35062 from geoand/#31941

Take `quarkus.tls.trust-all` into account in Otlp export
quarkusio · Jul 28, 2023 · 9419f8e · 9419f8e
2 parents 6629767 + c3e6ea2
commit 9419f8e
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 3 deletions.
diff --git a/...rc/main/java/io/quarkus/opentelemetry/deployment/exporter/otlp/OtlpExporterProcessor.java b/...rc/main/java/io/quarkus/opentelemetry/deployment/exporter/otlp/OtlpExporterProcessor.java
@@ -28,6 +28,7 @@
 import io.quarkus.opentelemetry.runtime.exporter.otlp.EndUserSpanProcessor;
 import io.quarkus.opentelemetry.runtime.exporter.otlp.LateBoundBatchSpanProcessor;
 import io.quarkus.opentelemetry.runtime.exporter.otlp.OtlpRecorder;
+import io.quarkus.runtime.TlsConfig;
 import io.quarkus.vertx.core.deployment.CoreVertxBuildItem;
 
 @BuildSteps(onlyIf = OtlpExporterProcessor.OtlpExporterEnabled.class)
@@ -62,6 +63,7 @@ void createEndUserSpanProcessor(
     SyntheticBeanBuildItem createBatchSpanProcessor(OtlpRecorder recorder,
             OTelRuntimeConfig otelRuntimeConfig,
             OtlpExporterRuntimeConfig exporterRuntimeConfig,
+            TlsConfig tlsConfig,
             CoreVertxBuildItem vertxBuildItem) {
         return SyntheticBeanBuildItem
                 .configure(LateBoundBatchSpanProcessor.class)
@@ -71,7 +73,7 @@ SyntheticBeanBuildItem createBatchSpanProcessor(OtlpRecorder recorder,
                 .unremovable()
                 .addInjectionPoint(ParameterizedType.create(DotName.createSimple(Instance.class),
                         new Type[] { ClassType.create(DotName.createSimple(SpanExporter.class.getName())) }, null))
-                .createWith(recorder.batchSpanProcessorForOtlp(otelRuntimeConfig, exporterRuntimeConfig,
+                .createWith(recorder.batchSpanProcessorForOtlp(otelRuntimeConfig, exporterRuntimeConfig, tlsConfig,
                         vertxBuildItem.getVertx()))
                 .done();
 

diff --git a/...ry/runtime/src/main/java/io/quarkus/opentelemetry/runtime/exporter/otlp/OtlpRecorder.java b/...ry/runtime/src/main/java/io/quarkus/opentelemetry/runtime/exporter/otlp/OtlpRecorder.java
@@ -25,6 +25,7 @@
 import io.quarkus.opentelemetry.runtime.config.runtime.exporter.CompressionType;
 import io.quarkus.opentelemetry.runtime.config.runtime.exporter.OtlpExporterRuntimeConfig;
 import io.quarkus.opentelemetry.runtime.config.runtime.exporter.OtlpExporterTracesConfig;
+import io.quarkus.runtime.TlsConfig;
 import io.quarkus.runtime.annotations.Recorder;
 import io.vertx.core.Vertx;
 import io.vertx.core.http.HttpClientOptions;
@@ -39,7 +40,7 @@ public class OtlpRecorder {
     public Function<SyntheticCreationalContext<LateBoundBatchSpanProcessor>, LateBoundBatchSpanProcessor> batchSpanProcessorForOtlp(
             OTelRuntimeConfig otelRuntimeConfig,
             OtlpExporterRuntimeConfig exporterRuntimeConfig,
-            Supplier<Vertx> vertx) {
+            TlsConfig tlsConfig, Supplier<Vertx> vertx) {
         URI grpcBaseUri = getGrpcBaseUri(exporterRuntimeConfig); // do the creation and validation here in order to preserve backward compatibility
         return new Function<>() {
             @Override
@@ -128,6 +129,10 @@ private void configureTLS(HttpClientOptions options) {
                                     options.setSsl(true);
                                     options.setUseAlpn(true);
                                 }
+                                if (tlsConfig.trustAll) {
+                                    options.setTrustAll(true);
+                                    options.setVerifyHost(false);
+                                }
                             }
 
                             private KeyCertOptions toPemKeyCertOptions(OtlpExporterTracesConfig configuration) {

diff --git a/...t/java/io/quarkus/it/opentelemetry/vertx/grpc/exporter/OtelCollectorLifecycleManager.java b/...t/java/io/quarkus/it/opentelemetry/vertx/grpc/exporter/OtelCollectorLifecycleManager.java
@@ -45,6 +45,7 @@ public class OtelCollectorLifecycleManager implements QuarkusTestResourceLifecyc
     private SelfSignedCertificate serverTls;
     private SelfSignedCertificate clientTlS;
     private boolean enableTLS = false;
+    private boolean preventTrustCert = false;
     private boolean enableCompression = false;
     private Vertx vertx;
 
@@ -58,6 +59,11 @@ public void init(Map<String, String> initArgs) {
         var enableTLSStr = initArgs.get("enableTLS");
         if (enableTLSStr != null && !enableTLSStr.isEmpty()) {
             enableTLS = Boolean.parseBoolean(enableTLSStr);
+
+            var preventTrustCertStr = initArgs.get("preventTrustCert");
+            if (preventTrustCertStr != null && !preventTrustCertStr.isEmpty()) {
+                preventTrustCert = Boolean.parseBoolean(preventTrustCertStr);
+            }
         }
 
         var enableCompressionStr = initArgs.get("enableCompression");
@@ -112,7 +118,9 @@ public Map<String, String> start() {
         if (enableTLS) {
             result.put("quarkus.otel.exporter.otlp.traces.endpoint",
                     "https://" + collector.getHost() + ":" + collector.getMappedPort(COLLECTOR_OTLP_GRPC_MTLS_PORT));
-            result.put("quarkus.otel.exporter.otlp.traces.trust-cert.certs", serverTls.certificatePath());
+            if (!preventTrustCert) {
+                result.put("quarkus.otel.exporter.otlp.traces.trust-cert.certs", serverTls.certificatePath());
+            }
             result.put("quarkus.otel.exporter.otlp.traces.key-cert.certs", clientTlS.certificatePath());
             result.put("quarkus.otel.exporter.otlp.traces.key-cert.keys", clientTlS.privateKeyPath());
         } else {

diff --git a/.../quarkus/it/opentelemetry/vertx/grpc/exporter/WithTLSWithTrustAllWithCompressionTest.java b/.../quarkus/it/opentelemetry/vertx/grpc/exporter/WithTLSWithTrustAllWithCompressionTest.java
@@ -0,0 +1,30 @@
+package io.quarkus.it.opentelemetry.vertx.grpc.exporter;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.QuarkusTestProfile;
+import io.quarkus.test.junit.TestProfile;
+
+@QuarkusTest
+@TestProfile(WithTLSWithTrustAllWithCompressionTest.Profile.class)
+public class WithTLSWithTrustAllWithCompressionTest extends AbstractExporterTest {
+
+    public static class Profile implements QuarkusTestProfile {
+        @Override
+        public Map<String, String> getConfigOverrides() {
+            return Map.of("quarkus.tls.trust-all", "true");
+        }
+
+        @Override
+        public List<TestResourceEntry> testResources() {
+            return Collections.singletonList(
+                    new TestResourceEntry(
+                            OtelCollectorLifecycleManager.class,
+                            Map.of("enableTLS", "true", "enableCompression", "true", "preventTrustCert", "true")));
+        }
+    }
+
+}